MySQL 9.4.0
Source Code Documentation
secure_file.h
Go to the documentation of this file.
1/* Copyright (c) 2025, Oracle and/or its affiliates. */
2
3#include "my_sys.h"
4#include "mysql/strings/m_ctype.h"
5#include "nulls.h"
6
7/**
8 Test a file path to determine if the path is compatible with the secure file
9 path restriction.
10
11 @param path null terminated character string
12 @param opt_secure_file_priv secure_file_priv content
13 @param system_charset_info system charset
14 @param files_charset_info files charset
15 @param lower_case_file_system true if lower case file system, false otherwise
16
17 @retval true The path is secure
18 @retval false The path isn't secure
19*/
20
21bool is_secure_file_path(const char *path, const char *opt_secure_file_priv,
22 CHARSET_INFO *system_charset_info,
23 CHARSET_INFO *files_charset_info,
24 bool lower_case_file_system) {
25 char buff1[FN_REFLEN], buff2[FN_REFLEN];
26 size_t opt_secure_file_priv_len;
27 /*
28 All paths are secure if opt_secure_file_priv is 0
29 */
30 if (!opt_secure_file_priv[0]) return true;
31
32 opt_secure_file_priv_len = strlen(opt_secure_file_priv);
33
34 if (strlen(path) >= FN_REFLEN) return false;
35
36 if (!my_strcasecmp(system_charset_info, opt_secure_file_priv, "NULL"))
37 return false;
38
39 if (my_realpath(buff1, path, 0)) {
40 /*
41 The supplied file path might have been a file and not a directory.
42 */
43 const int length = (int)dirname_length(path);
44 if (length >= FN_REFLEN) return false;
45 memcpy(buff2, path, length);
46 buff2[length] = '\0';
47 if (length == 0 || my_realpath(buff1, buff2, 0)) return false;
48 }
49 convert_dirname(buff2, buff1, NullS);
50 if (!lower_case_file_system) {
51 if (strncmp(opt_secure_file_priv, buff2, opt_secure_file_priv_len))
52 return false;
53 } else {
54 assert(opt_secure_file_priv_len < FN_REFLEN);
55 buff2[opt_secure_file_priv_len] = '\0';
56 if (files_charset_info->coll->strcasecmp(files_charset_info, buff2,
57 opt_secure_file_priv))
58 return false;
59 }
60 return true;
61}
convert_dirname
char * convert_dirname(char *to, const char *from, const char *from_end)
Convert directory name to use under this system.
Definition: mf_dirname.cc:207
dirname_length
size_t dirname_length(const char *name)
Get the string length of the directory part of name, including the last FN_LIBCHAR.
Definition: mf_dirname.cc:62
my_realpath
int my_realpath(char *to, const char *filename, myf MyFlags)
Definition: my_symlink.cc:139
m_ctype.h
A better implementation of the UNIX ctype(3) library.
my_strcasecmp
int my_strcasecmp(const CHARSET_INFO *cs, const char *s1, const char *s2)
Definition: m_ctype.h:651
system_charset_info
MYSQL_PLUGIN_IMPORT CHARSET_INFO * system_charset_info
Definition: mysqld.cc:1566
FN_REFLEN
#define FN_REFLEN
Definition: my_io.h:87
my_sys.h
Common header for many mysys elements.
lower_case_file_system
bool lower_case_file_system
Definition: mysqld.cc:1291
opt_secure_file_priv
const char * opt_secure_file_priv
Definition: mysqld.cc:1288
path
static char * path
Definition: mysqldump.cc:150
gis::length
bool length(const dd::Spatial_reference_system *srs, const Geometry *g1, double *length, bool *null) noexcept
Computes the length of linestrings and multilinestrings.
Definition: length.cc:76
NullS
#define NullS
Definition of the null string (a null pointer of type char *), used in some of our string handling co...
Definition: nulls.h:33
is_secure_file_path
bool is_secure_file_path(const char *path, const char *opt_secure_file_priv, CHARSET_INFO *system_charset_info, CHARSET_INFO *files_charset_info, bool lower_case_file_system)
Test a file path to determine if the path is compatible with the secure file path restriction.
Definition: secure_file.h:21
files_charset_info
MYSQL_PLUGIN_IMPORT CHARSET_INFO * files_charset_info
Definition: mysqld.cc:1566
CHARSET_INFO
Definition: m_ctype.h:421
CHARSET_INFO::coll
MY_COLLATION_HANDLER * coll
Definition: m_ctype.h:454
MY_COLLATION_HANDLER::strcasecmp
int(* strcasecmp)(const CHARSET_INFO *, const char *, const char *)
Definition: m_ctype.h:310